Why have a maximum of 64 characters? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nerdsniper 5 months ago \| parent \| context \| favorite \| on: A complete guide to the new 2025 NIST password gui... Why have a maximum of 64 characters?

MonstraG 5 months ago [–]

Yea, I think they (proton) just didn't properly read (misunderstood) the guidelines.

> 3.1.1.2 Password Verifiers

> ...

> 2. Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.

In other words, if you want to put a max length, don't put 20, put at least 64.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact